Talking about WinPcap and computer network protocols

Source: Internet
Author: User

For protocol analysis we can draw on existing software. This article discusses WinPcap and computer network protocols, starting with how WinPcap works:

WinPcap supports packet capture and network analysis on the Win32 platform. Its main idea is derived from the best-known packet interception architecture on Unix systems, and it is currently applied in many fields, such as network monitoring and electronic invigilation. The basic structure of WinPcap consists of three modules.

(1) The kernel-level Netgroup Packet Filter (NPF). This driver runs in the operating system kernel and interacts directly with the NIC driver. Its main function is to filter packets and attach the timestamp, length, and other information to each packet. It acquires packets directly from the data link layer and passes them without modification to applications running at the user layer. It also allows users to send raw packets.

(2) The low-level dynamic link library (Packet.dll). It provides a common interface to the packet driver on the Win32 platform and isolates the application from the packet capture device driver, so that programs can run on different Windows systems without modification.

(3) wpcap.dll. It works at the user level, is linked with the application, and uses the services provided by Packet.dll to give applications a complete capture interface. The wpcap.dll module is fully compatible with the libpcap library provided by the BSD interception architecture on Unix systems. It provides a set of powerful, cross-platform functions that are independent of the adapter and operating system type.

System Development and Application

WinPcap provides upper-layer applications with a network capture interface through which they can capture packets sent or received in network communication. The network protocol experiment system can therefore use WinPcap to capture and display packets generated in real network communication. The main purpose of the experiment system is to help students understand computer network protocols, so the system focuses on the following two aspects of the principles and protocols of computer networks.

(1) Protocol layering. Real computer networks are currently based on the TCP/IP architecture. The entire protocol suite is divided into four layers: the interface layer, the Internet layer, the transport layer, and the application layer, with several protocols at each layer. After a packet is captured, its data is therefore split by protocol. The data of each protocol is stored at the corresponding level of the protocol hierarchy, and the hierarchy is displayed in layered form, so that the principles of the network architecture are presented in a visual and concrete way.

(2) Protocol format. The main task of the experiment system is to extract the data of each protocol layer in the packet, accurately delimit the start and end of each protocol, and mark the data of each protocol. With reference to the communication data, the meaning of each field in each protocol is analyzed automatically. The analysis must apply the corresponding network protocol knowledge to the specific communication data.

To show concretely how the layered protocol structure is implemented, the system was designed to display the data of the entire packet completely and contiguously, with the data of each protocol highlighted in color. By observing the data of the different protocols, we can understand how a complete communication packet is assembled from multiple protocol layers.

The system processes communication data as follows. First, it uses WinPcap's pcap_findalldevs function to obtain the computer's NICs and displays the list of available NICs (some computers have more than one) for the user to choose from. The system provides an interface for selecting the NIC and setting the filter conditions for the packets. Based on these settings, it opens the NIC with WinPcap's pcap_open_live function, sets the filter conditions with pcap_setfilter, captures packets with pcap_dispatch or pcap_next_ex, and displays the packet list for the user to choose from. When a packet is selected, the system splits it, then delimits and displays the data of each protocol according to the protocol hierarchy and protocol format.
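The splitting step described above can be sketched as follows. This is an added example, not code from the original article or from the experiment system. It assumes an Ethernet II frame such as pcap_next_ex would deliver; `split_frame`, `struct layer` and the sample frame are names and data constructed here for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* One protocol header located inside the captured frame. */
struct layer { const char *name; size_t start, len; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Split an Ethernet II frame into header spans. Returns the number of layers
 * found. Each length field is checked against caplen before it is trusted. */
size_t split_frame(const uint8_t *pkt, size_t caplen, struct layer out[3])
{
    size_t n = 0, off = 14;
    if (caplen < 14) return 0;                   /* truncated Ethernet header */
    out[n++] = (struct layer){ "Ethernet", 0, 14 };
    if (be16(pkt + 12) != 0x0800) return n;      /* EtherType is not IPv4 */
    if (caplen < off + 20 || (pkt[off] >> 4) != 4) return n;
    size_t ihl = (size_t)(pkt[off] & 0x0F) * 4;  /* IPv4 header length, bytes */
    if (ihl < 20 || caplen < off + ihl) return n;
    out[n++] = (struct layer){ "IPv4", off, ihl };
    uint8_t proto = pkt[off + 9];
    if (be16(pkt + off + 6) & 0x1FFF) return n;  /* later fragment: no L4 header */
    off += ihl;
    const char *name = proto == 6 ? "TCP" : proto == 17 ? "UDP"
                     : proto == 1 ? "ICMP" : NULL;
    size_t hl = (proto == 6) ? 20 : 8;           /* minimum TCP : UDP/ICMP header */
    if (name == NULL || caplen < off + hl) return n;
    if (proto == 6) {
        hl = (size_t)(pkt[off + 12] >> 4) * 4;   /* TCP data offset, 32-bit words */
        if (hl < 20 || caplen < off + hl) return n;
    }
    out[n++] = (struct layer){ name, off, hl };
    return n;
}

/* Constructed sample: Ethernet + IPv4 + TCP SYN, checksums left as zero. */
static const uint8_t sample_frame[54] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 192,0,2,2,
    0xC0,0x00,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xFF,0xFF, 0,0,0,0
};

int main(void)
{
    struct layer l[3];
    size_t n = split_frame(sample_frame, sizeof sample_frame, l);
    for (size_t i = 0; i < n; i++)
        printf("%-8s bytes %zu..%zu\n", l[i].name, l[i].start, l[i].start + l[i].len - 1);
}
```

The returned spans are what a display like the one described would highlight. A frame whose header length fields point past the captured length yields fewer layers instead of an out-of-bounds read.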

The system provides some auxiliary functions for the experiment report, such as generating the report template. Based on the selected computer network protocol data, you enter the meaning of each field and then generate and print the experiment report. The main interface of the experiment system is shown in Figure 3. The interface mainly includes:

① The NIC (network adapter) list, displayed at the top.
② The captured packet list, displayed in the middle of the interface. The list shows some key information about each packet.
③ Each protocol and its data, displayed at the bottom in two parts. The protocol names are displayed on the left, arranged according to the protocol layering, and the packet data is displayed on the right in hexadecimal format. When a protocol name is selected on the left, the header data of the corresponding protocol is highlighted in red.

The system occupies few resources, so it runs properly on a computer with a low configuration. The only requirement is that the computer can be connected to a computer network. Even without a connection to the Internet, experiments can be carried out conveniently in a LAN environment. During the experiment, you do not need a dedicated server or special settings for communication between computers. Once the system is installed and running, you only need to use the computer for ordinary network operations. For example, if you use a browser to browse the school homepage and thereby generate network communication packets, the system automatically captures these packets and analyzes them. The operation of the system is very simple and easy to grasp, and it is well suited to students who are not computer majors. The system has been used in the experiments of the "Computer Network Technology" course of our school's industrial engineering major, with good results.

Conclusion

A network protocol analysis experiment system was developed for computer network courses in colleges and universities to address the problem that network equipment is expensive and quickly outdated. Teaching units cannot allocate enough funds to set up specialized network laboratories, so students perform too few experiments or none at all, which seriously affects the quality of teaching. The system allows students to understand computer network protocol layering and its implementation, and supports experimental teaching content such as Ethernet frame format analysis, IP (mainly IPv4 at present) packet format analysis, Internet Control Message Protocol (ICMP) packet format analysis, TCP and UDP packet analysis, and HTTP protocol analysis. Using network protocol experiment software in the teaching and experiments of computer network courses can make up for the abstract and dry nature of teaching network principles, and can visually display how a real network operates, which gives students a better understanding of computer networks and the Internet.
